Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.vaadin/flow@5.0.0
Type maven
Namespace com.vaadin
Name flow
Version 5.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.0.7
Latest_non_vulnerable_version 6.0.7
Affected_by_vulnerabilities
0
url VCID-2fz6-rucr-xqax
vulnerability_id VCID-2fz6-rucr-xqax
summary
Information Exposure Through Discrepancy
Non-constant-time comparison of CSRF tokens in endpoint request handler allows attacker to guess a security token for Fusion endpoints via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31406
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.1721
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31406
1
reference_url https://github.com/vaadin/flow/pull/10157
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10157
2
reference_url https://github.com/vaadin/flow/security/advisories/GHSA-p7jq-v8jp-j424
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/security/advisories/GHSA-p7jq-v8jp-j424
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31406
reference_id CVE-2021-31406
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31406
4
reference_url https://vaadin.com/security/cve-2021-31406
reference_id CVE-2021-31406
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31406
fixed_packages
0
url pkg:maven/com.vaadin/flow@5.0.4
purl pkg:maven/com.vaadin/flow@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93dy-76qc-8fb7
1
vulnerability VCID-bud2-81n2-wyhc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@5.0.4
1
url pkg:maven/com.vaadin/flow@6.0.1
purl pkg:maven/com.vaadin/flow@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bud2-81n2-wyhc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@6.0.1
aliases CVE-2021-31406, GHSA-p7jq-v8jp-j424
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fz6-rucr-xqax
1
url VCID-93dy-76qc-8fb7
vulnerability_id VCID-93dy-76qc-8fb7
summary
Insufficient Session Expiration
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15139
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31408
1
reference_url https://github.com/vaadin/flow/pull/10577
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10577
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31408
3
reference_url https://vaadin.com/security/cve-2021-31408
reference_id CVE-2021-31408
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31408
4
reference_url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
url https://github.com/advisories/GHSA-mr8h-j9cv-4m8h
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
reference_id GHSA-mr8h-j9cv-4m8h
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-mr8h-j9cv-4m8h
fixed_packages
0
url pkg:maven/com.vaadin/flow@6.0.0
purl pkg:maven/com.vaadin/flow@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz6-rucr-xqax
1
vulnerability VCID-bud2-81n2-wyhc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@6.0.0
aliases CVE-2021-31408, GHSA-mr8h-j9cv-4m8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93dy-76qc-8fb7
2
url VCID-bud2-81n2-wyhc
vulnerability_id VCID-bud2-81n2-wyhc
summary
Insecure Temporary File
Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server allows local users to inject malicious code into frontend resources during application rebuilds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15538
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31411
1
reference_url https://github.com/vaadin/flow/pull/10640
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/10640
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31411
3
reference_url https://vaadin.com/security/cve-2021-31411
reference_id CVE-2021-31411
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31411
4
reference_url https://github.com/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
url https://github.com/advisories/GHSA-p826-8vhq-h439
5
reference_url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
reference_id GHSA-p826-8vhq-h439
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/platform/security/advisories/GHSA-p826-8vhq-h439
fixed_packages
0
url pkg:maven/com.vaadin/flow@6.0.7
purl pkg:maven/com.vaadin/flow@6.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@6.0.7
aliases CVE-2021-31411, GHSA-p826-8vhq-h439
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bud2-81n2-wyhc
Fixing_vulnerabilities
0
url VCID-hqrf-7nbq-9bdw
vulnerability_id VCID-hqrf-7nbq-9bdw
summary
Information Exposure Through Discrepancy
A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attacker to guess a security token via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31404
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14389
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31404
1
reference_url https://github.com/vaadin/flow/pull/9875
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/pull/9875
2
reference_url https://github.com/vaadin/flow/security/advisories/GHSA-xwg3-qrcg-w9x6
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vaadin/flow/security/advisories/GHSA-xwg3-qrcg-w9x6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31404
4
reference_url https://vaadin.com/security/cve-2021-31404
reference_id CVE-2021-31404
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://vaadin.com/security/cve-2021-31404
fixed_packages
0
url pkg:maven/com.vaadin/flow@1.0.14
purl pkg:maven/com.vaadin/flow@1.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@1.0.14
1
url pkg:maven/com.vaadin/flow@5.0.0
purl pkg:maven/com.vaadin/flow@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fz6-rucr-xqax
1
vulnerability VCID-93dy-76qc-8fb7
2
vulnerability VCID-bud2-81n2-wyhc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@5.0.0
aliases CVE-2021-31404, GHSA-xwg3-qrcg-w9x6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqrf-7nbq-9bdw
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/flow@5.0.0